Author Topic: DoD - Juniper Networks- DISA - DSN - JITC - GIG - Cyber Security  (Read 13236 times)

0 Members and 1 Guest are viewing this topic.

Offline infowarrior_039

  • Member
  • *****
  • Posts: 789
  • explosions in the sky
    • Truth Archive

Juniper Networks Receive DoD Certification:

Juniper Networks Circuit-to-Packet Solutions Receive U.S. Defense Department Certification
Juniper Networks “Everything over IP” Solutions Help Government Agencies Migrate to High-Performance IP Networks

Juniper Networks, Inc. the leader in high-performance networking, is pleased to note that its Circuit-to-Packet (CTP) solutions have been tested and certified by the U.S. Defense Information Systems Agency (DISA) Joint Interoperability Test Command (JITC) and are now on the Defense Switched Network (DSN) approved products list. Juniper Networks CTP solutions were the first on the market to successfully complete this rigorous testing and certification process in 2007, and remain among the industry’s very few CTP offerings to be certified by JITC for both interoperability and information assurance.

Circuit-to-packet solutions enable government agencies to migrate legacy circuit-based network applications (e.g., multiplexing transport networks, PBX systems) to higher-performance, packet-based Internet Protocol (IP) networks. The convergence of voice, data, video, web traffic and file sharing applications from circuit to IP networks is increasingly desired by government agencies as a means of concurrently managing explosive growth in network volume while improving network performance, security and cost efficiency.

Juniper Networks CTP solutions bridge the gap faced by government agencies in migrating to the efficiency and cost-savings enabled by these converged “Everything over IP” (EoIP) networks. Largely left out of the government’s evolution to EoIP is the large, installed base of circuit-based applications, such as time division multiplexing (TDM) and Private Branch Exchange (PBX) networks, serial encryption connections, and analog and digital radio systems networking. The synchronous transport requirements of these legacy systems cannot be addressed by packet-based networks.

Juniper Networks CTP products allow government agencies to quickly, reliably, and securely transport large, circuit-based applications across next-generation IP networks. The rigorous JITC certification of the interoperability and information assurance capabilities of Juniper Networks CTP solutions reflects their ability to deliver secure, field-proven flexibility, performance and reliability that federal government applications require.

JITC interoperability testing and certification are required by the U.S. Department of Defense (DOD) for all IT equipment that attaches to U.S. defense voice networks. As part of JITC certification, the Defense Security Accreditation Working Group (DSAWG) grants the U.S. military services’ approval for connecting networking technologies to the DoD Global Information Grid (GIG), a series of interconnected computer networks used to securely transmit information by packet switching over TCP/IP protocols.

The Juniper Networks CTP products receiving JITC certification include the CTP1000 Series and CTP2000 Series, with Software Release 4.3R2 and CTPView Version 2.2, a graphical user interface providing detailed performance reports of real-time and historic network performance. Juniper Networks CTP solutions offer a range of size, port capacity, and redundancy options and are IPv6 compliant.

Products on this list have received Joint Interoperability Certification (JIC) and Information Assurance Accreditation (IA) in accordance with the Department of Defense Instruction DoDI 8100.3.


DOD UC APL End of Life
DOD UC Policy Documents
DOD UC Joint Interoperability Certification and Information Assurance Accreditation Testing Schedule
DOD UCCO Test Submittal Form
DSN RTS IA Test Plan
DSN RTS IO Test Plans
DSN APL IO Test Plans
DSN IA APL Test Plans


UCR 2008

CJCSI 6215.01C

DoDI 8100.3 Clarifications

2-Wire Analog APL Approval

DoDI 8100.3

Certification Statute

JITC Testing Policy

Interoperability Policy Documents

Call Forwarding MFR

IPv6 Policy

DOD 8500.1

DODI 8500.2

Joint Staff Memo to DoD

Vendor Memorandum

DSN Read/Write Access Policy

19 Aug 09 UCCO Schedule Final.xls
DOD Unified Capabilities Information Assurance and Interoperability Testing Schedule

Vendor Type Test Description Tracking # Sponsor AO
3 10 17 24 31 7 14 21 28 5 12 19 26 2 9 16 23 30 7 14 21 28 4 11 18 25 1 8 15 22 1 8 15 22 29
ActionPacked NM Networks LiveAction V1.7 0921001 PACOM EM
Alcatel-Lucent PBX1 IP Call Server Rel. 2.0 0906401 DISA JR
Cisco PBX1 Unified Communication Manager 7.1 (2) 0901201 Air Force EM
Edge Access PBX2 VW2400-SRV-S R5-09151 0906901 Army AB
Extreme Core BlackDiamond 20808 v12.3.1 0904101 Army EM
Extreme Core BlackDiamond 8810 v12.3.1 0904201 Army EM
Extreme Distro BlackDiamond 8806 v12.3.1 0904202 Army EM
Extreme Access Summit X650 v12.3.1 0904203 Army EM
Extreme Access Summit X450e v12.3.1 0904204 Army EM
Extreme Access Summit X250e v12.3.1 0904205 Army EM
Extreme Access Summit X150 v12.3.1 0904206 Army EM
Extreme Access Summit X350 v12.3.1 0904207 Army EM
Extreme Distro BlackDiamond 12804 v12.3.1 0904209 Army EM
Fujitsu TNE FW9500 R3.1 0915502 Army DC/BD
Fujitsu TNE FW7500 R6.1 0915503 Army DC/BD
General Dynamics DSCD PSTN vIPer Phone Rel. 2.11 0920202 Army AB
Interactive Intelligence PBX1 CIC Rel. 3.0 0918002 DCMA OW
Juniper TNE CTP 1000/2000 Rel. CTPOS 5.4 0910501 Air Force EM
Juniper Access EX 3200 JUNOS 9.3 0922201 Army JR
Juniper Access EX 4200 JUNOS 9.3 0922202 Army JR
Juniper A,C,D MX 960/480/240 JUNOS 9.3 0922203 Army JR
Lifesize VTC Video Systems Family Rel. 1 0915501 DISA BB/BF
Lifesize VTC Video Systems Family Networker V.1 0920501 DISA BB/BF
Microsoft PBX2 Unified Communications, Rel. v3.0.6362 0913302 Army EM
Microsoft UC & C Office Communicator Client Rel. v3.0.6362 0918003 Army EM
NEC PBX2 Univerge NEAX 2000 IPS R14 P1 4.03 0909201 Army AB
NEC PBX1 Sphericall v7.0 0912501 Army AB
PCR NM COMIT Rel. 5.0 0901401 DISA AB
Plant Equipment CPE Vesta SL-100 Rel. 2.3 Feature Pa 0912001 Air Force CH
Polycom VTC RMX 2000 Rel. 4.5 0909601 Air Force BB/BF
Raytheon DSCD CEU 01-01848-001 Rel. 2.01 w/ Logitel MR-1060 0819701 DISA AB V V
Raytheon DSCD CEU 01-01848-001 Rel 2.01.08 0818202 DISA AB V V
Tadiran PBX 1 Coral PBx Rel. 14.67 0908201 DISA AB
Tekelec NM Eagle STP IAS Rel. 4.0.1 0900801 DISA JR V V
Tellabs TNE (Opti) 7100 OTS Rel. 5.1.1 0914901 Army SP/BD
Tellabs TNE (Opti) 7100 Nano OTS Rel. 5.1.1 0914902 Army SP/BD
Tellabs TNE (Opti) 5500NGX Rel 0914903 Army SP/BD
Tellabs TNE (Opti) 1150 MSAP Rel. 25.3.1 0914904 Army SP/BD
Tellabs TNE (Opti) 1134 MSAP Rel. 25.3.1 0914905 Army SP/BD
Tellabs TNE (Opti) 1000 VGW Rel. 13.4 0914906 Army SP/BD
Unique NM CAIRS Rel 4.0 0901601 Navy JR
VERAMARK NM VeraSmart Rel. 8.1 0910401 Navy AB
Avaya LSC S8720 Rel. CM4.0 732.5 (Pre-Production) 0920201 ARMY JR
Cisco EBC 3845 Rel. IOS 12.4(22)YB1(Pre-Production) 0922204 DISA EM
Cisco LSC Unified Communications Manager w/IOS 12.4(22)T2 Rel. 7.1(2) (Pre-Pro0d9u15c5ti0o5n) Air Force EM
Nortel LSC AS 5300 Rel. 2.1 (Pre-Production) 0911801 UCMC OW
Nortel MFSS CS2100 XA-Core SE09.1 w/AS 5300 (Prototype) 0903501 DISA OW
JIC Testing IA and IO IA Testing AFIOC TIC JITC IH 3 10 17 24 31 7 14 21 28 5 12 19 26 2 9 16 23 30 7 14 21 28 4 11 18 25 1 8 15 22 1 8 15 22 29

No Testing SETUP JITC FH Aug-09
Sep-09 Dec-09
Dec-09 Jan-10
As of 19 Aug 09 Nov-09

4. Action Officers: Bill Barber, Anita Bickler, Barbara Davis, Brad Friedman, Cary Hogan, Rodney Hom, Edward Mellon, Son Pham, Joe Roby, Maj Tolbert, and Capt Oskar Widecki.
Sep-09 Oct-09
Aug-09 Jan-10 Mar-10

RTS Assessment Testing

* Note - There is no testing performed during Federally observed holidays.
The Applicant is required to complete the following items listed below. Neither Interoperability nor Information Assurance testing will be conducted on the submitted solution without completion of the following items.

1. Vendor/Sponsor responsible for coordinating payment of lab testing fees/CRADA agreements with the Action Officer that will contact applicant upon acceptance of completed test submittal.
2. Provide Technical Documentation for the product to include diagrams (as intended for test), security white papers, architecture documents, vendor guidelines and or a list of all system components, the underlying operating system, all applicable solution version numbers.
3. Apply applicable Security Technical Implementation Guide (STIGS) for the submitted product prior to the scheduled IA and IO testing. Compliance to all applicable STIGs will be verified during lab setup. (UCCO 520-538-3234/533-9246)

APL Certification Testing
Page 1

E-7.3 Functionality Test Procedures. The first step in conducting a
vulnerability test is to perform a functionality check. Testing the SUT’s functionality
ensures that the product operates as intended in a fielded environment. Perform the
functionality test at the beginning of Phase II testing to ensure that all services and
applications are functioning and communicating correctly. Functionality testing varies
from system to system and targets the basic operational functions. It is not meant to be
a substitute for an interoperability test.
Some products, such as CPE, rely on external systems to exercise their
capabilities. For example, a secure modem solution is inactive until an external switch
initiates a call. In this case, the external switch is outside the scope of the IA test.
However, the tester and vendor must ensure the external switch is operational to
perform IPV testing on the secure modem solution. Functionality tests are performed
before Phase II testing begins, and then again at the conclusion of Phase II testing.
Monitor IP traffic during the functionality test and save the results for further evaluation,
if necessary. The objective is to ensure that the SUT is functionally operational before
Phase II IPV testing commences.
The IPV testing should be performed from the external or outside perspective
and from the internal or inside perspective. An inside perspective is analogous to what
a “trusted insider” or an employee has, or the same as an attacker would have once
perimeter defenses (firewalls) are breached. An outside perspective is analogous to the
same perspective someone would have on the Internet, looking in at the system. The
attacker would have the perspective of an “untrusted outsider” and would be looking in
at the product. The following DoDI 8500.2 IA Controls apply to all the IPV testing
procedures: DCPP-1, ECVI-1, ECTM-2, VIVM-1, and ECMT-1.
E-7.4 Internet Protocol Interface Identification. Verify operational and identify
all IP interfaces.
E-7.5 Lines. If the SUT supports lines, the following manual calls are
attempted: Analog to Analog, IP to IP, Analog to IP, and IP to Analog. Verify that all
test calls can be completed successfully.
E-7.6 Trunks. If the SUT supports trunks, the following manual calls are
attempted: Analog over trunk and IP over trunk. Verify that all test calls can be
completed successfully.
E-7.7 Internet Protocol Handsets. All IP handsets are identified and the
protocols used identified (e.g., Session Initiation Protocol (SIP) and Simple Client
Control Protocol (SCCP)).
E-8.1 Test Perspectives. The IPV and PA testing are performed from an
external and internal perspective. An external perspective is what someone on the
Internet, DISA Network, or Unclassified-But-Sensitive Internet Protocol Router Network
(NIPRNet) would see from outside the network (i.e., an attacker looking in at the
network’s outer perimeter defenses, such as a firewall and/or router with an ACL). An
internal perspective is what someone would see from inside the system (i.e., a trusted
employee, a client user, or an attacker who has breached the firewalls). This method of
testing can be found in section 3 of the NIST Special Publication 800-42, Guideline on
Network Security Testing. The following DoDI 8500.2 IA Controls apply to all of the IPV
testing procedures: DCPP-1, ECVI-1, ECTM-2, VIVM-1, and ECMT-1.
E-8.2 Host Discovery. Detecting all possible hosts in use by the SUT and their
corresponding IP address information is the first step in the technical evaluation.
Although the product vendor provides the IP address information, the test team ensures
that there are no other undocumented IP-routable addresses. In addition to physical
host network adapters, an IP address can be discovered from a variety of sources.
Such sources include virtual Ethernet adapters, virtual machine addresses, and hostbased
network addresses, which could all create possible vulnerabilities in the SUT.
The following are general techniques that are used to discover available hosts, an IP
address, or any other IP-routable end-points.
E-8.3 Ping Sweep. A general Packet Internet Groper (Ping) sweep determines
what hosts are available via the Internet Control Message Protocol (ICMP) message.

This is generally an ICMP echo request (type 8) to elicit an ICMP echo reply (type 0)
from a host.
Table E-18 shows the Ping sweep test procedures, which use the following
testing components: a laptop with a port scanning application installed, a laptop
assigned with an IP address compliant with the test environment, and an Ethernet hub.
Table E-18. Ping Sweep Test Procedures
Procedure Results
Configure IP vulnerability testing laptop.
Ethernet connection:
An Ethernet port on the SUT, with its associated IP address,
should be available for test purposes. The port location should be
such that access to the largest number of IP addresses within the
solution is possible. Use of an Ethernet hub is the preferred
method of connection.
The IP test laptop and the IP interfaces under test are
cabled to the Ethernet hub.
Assign IP address:
An IP address and Subnet mask will be assigned to the laptop NIC
that is within the range being used by the SUT.
The IP test laptop is configured with an IP address that
is included within the Subnet range of the SUT. The
use of the “Ping” command verifies that the test laptop
can communicate with the SUT.
Host Discovery:
A general ICMP (Ping) sweep of the entire subnet will be
conducted to discover any devices within the SUT that respond to
an ICMP.
The following is an example of a ping sweep of a standard class C
IP address range using NMAP:
#NMAP –sP –n
The results returned by the ICMP Ping sweep will
include all available hosts within the subnet.
Eliminate “out of bounds” components:
Items such as gateways, network elements, or end-points that are
outside the IA test boundary will be removed from the discovery
findings and a list of discovered hosts will be established.
An evaluation of the returned results will eliminate all
components that are considered “out of the test
boundary” for the SUT.
IA Information Assurance
ICMP Internet Control Message Protocol
IP Internet Protocol
NIC Network Interface Card
NMAP Networked Messaging Application Protocol
Ping Packet Internet Groper
SUT System Under Test
E-8.4 Transmission Control Protocol (TCP) Sweep. A TCP sweep provides
insight into available hosts when the ICMP is disabled. A TCP sweep attempts to make
TCP connections to a host range on a specified port list. In the process of the TCP
sweep, a “three-way handshake” happens. The originator sends an initial packet called
a “synchronize” to establish communication and “synchronize” sequence numbers in
counting bytes of data that will be exchanged. The destination then sends a
“SYN/ACK,” which again “synchronizes” his byte count with the originator and
acknowledges the initial packet. The originator then returns an “ACK,” which
acknowledges the packet the destination just sent to him. The connection is now
“OPEN,” and ongoing communication between the originator and the destination are
permitted until one of them issues a FINish (FIN) packet or a Reset (RST) packet, or the
connection times out. The “three-way handshake” establishes the communication.
By providing a list of possible ports that might be available within a system or
product, the TCP connections are able to determine which hosts are up and available.

Common ports used in TCP sweeps include, but are not limited to, 21, 22, 23, 25, 54,
80, 137, 139, 443, and 445. Table E-19 shows the TCP sweep test procedures, which
use the following components: a laptop with a port scanning application installed, a
laptop assigned with an IP address compliant with the test environment, and an
Ethernet hub.
Table E-19. TCP Sweep Test Procedures
Procedure Results
Host Discovery:
A TCP sweep of the IP address space will be conducted to discover
devices that are not responding to ICMP or might be using hostbased
firewalls or IDSs.
The following is an example of a TCP ping sweep (System Ping) of a
standard class C IP address range using NMAP:
# NMAP –PS 21,22,23,25,53,80,137,139,443,445, and 2049
The results returned by the TCP sweep will
include all available hosts within the subnet that
did not respond to the ping sweep.
Eliminate “out of bounds” components:
The list of hosts that responds to this sweep will be compared to the
list of hosts defined in the ICMP sweep and any newly discovered
host will be added to the list of known hosts.
An evaluation of the returned results will eliminate
all components that are considered “out of
bounds” for this test.
Additional Hosts:
At this point, if the test team is satisfied that all the hosts are
discovered, they could move to traffic analysis or they could use ACK
scans, ARP scans, or alternate ICMP scans using different ICMP
Any additional hosts discovered should be
confirmed to be part of the SUT.
ACK Acknowledge
ARP Address Resolution Protocol
ICMP Internet Control Message Protocol
IDS Intrusion Detection System
IP Internet Protocol
NMAP Networked Messaging Application Protocol
SUT System Under Test
TCP Transmission Control Protocol
E-8.5 Traffic Analysis. Traffic analysis allows the test team to determine all the
hosts that the SUT uses in an operational environment. Accessing the network traffic in
transit provides an in-depth look at how information flows within the application and can
also be helpful in revealing hosts that are part of the communications process. This
process may require placing a network hub within the environment, network traffic flow,
or possibly in the configuration of a mirror port on an existing network element. Table
E-20 shows the traffic analysis test procedures, which use the following testing
components: a laptop with a port scanning application installed, a laptop assigned with
an IP address compliant with the test environment, and an Ethernet hub.

Table E-20. Traffic Analysis Test Procedures
Procedure Results
Initialize Traffic Sniffer:
A network analyzer such as WireShark (Ethereal) or tcpdump would be
enabled to view all the network traffic and ensure that data was not traveling to
devices that were not detected by the scanning and sweeping methods.
Confirm that all network traffic being
generated and passed is between
components of the System Under Test
Additional Hosts:
If any new hosts are discovered during the traffic analysis phase of testing, they
will be added to the list of auditable end-points, generally in a text file for the
Phase II evaluation.
Any additional hosts discovered
should be confirmed to be part of the
System Under Test.
E-8.6 Port Enumeration. Port enumeration provides a list of services or
applications running on the host and gives the tester a good indication of what operating
system might be present on the end-point. When all the hosts in use by the SUT are
determined, testers begin the initial evaluation of individual hosts. Each host is
individually inspected for all available information, such as running services, operating
system versions, and other applications. Information provided by investigating each
device in depth helps determine how susceptible an individual component of the SUT
might be to a potential attack.
Enumeration, provided by port scanning of each host, provides a detailed list of
which ports are open, closed, or filtered on a specified host. Port scans are conducted
in a multitude of varieties using many different protocols, packet flags, and techniques.
These various scans can yield different results in different situations, depending on the
configurations and protections of each host. Additional Open Source Security Testing
Methodology Manual (OSSTMM) strategies are in Appendices B and E.
Table E-21 shows the port enumeration test procedures, which use the following
testing components: a laptop with a port scanning application installed, an assigned IP
address compliant with the test environment, and an Ethernet hub.


The Department of Defense (DoD) Directive 8500.1 “Information Assurance (IA),”
24 October 2002, established the DoD policies for IA and directed that all information
technology be IA tested and certified before connection to the Defense Information
System Network (DISN). The DoD Instruction 8100.3, “Department of Defense Voice
Networks,” 16 January 2004, establishes the IA policy for DoD Voice Networks,
including the Defense Switched Network (DSN). The DSN Single Systems Manager
(SSM) is responsible for providing DSN IA test results to the DISN Designated
Approving Authorities in order to be granted IA certification and accreditation. The DSN
SSM has designated the Joint Interoperability Test Command (JITC) as the responsible
organization for DSN IA testing.

The JITC DSN IA Test Team (IATT) supports IA testing by determining
compliance with the Security Technical Implementation Guidelines, IA Vulnerability
Management announcements (e.g., alerts, bulletins, and technical guidance), and
additional IA requirements. In addition, the IATT scans for Internet Protocol
Vulnerabilities to determine residual risks and threat levels of the existing security
implementations and any security deficiencies on the network.

Upon completion of the IA assessment, the IATT analyzes data collected and
presents the test findings in an “IA Assessment Findings and Mitigations Report.” The
report contains security vulnerabilities found on the system during the test. The report
is emailed to the vendor so they may input their mitigation strategies for the security
vulnerabilities found. The assessment report, including the vendor’s mitigation
strategies is submitted to the Unified Capabilities Connection Office and the Defense
Information Systems Agency (DISA) Field Security Office (FSO) for comment. The FSO
will write a Certification and Accreditation letter to the DISN Security Accreditation
Working Group (DSAWG). The final assessment report is briefed to the DSAWG in the
form of a PowerPoint presentation. The DSAWG will decide whether to place the
vendor’s solution on the DSN Approved Products List, based on the findings and

Offline infowarrior_039

  • Member
  • *****
  • Posts: 789
  • explosions in the sky
    • Truth Archive
Re: DoD - Juniper Networks- DISA - DSN - JITC - GIG - Cyber Security
« Reply #1 on: August 29, 2009, 04:41:34 pm »

this ties into a continuaity of goverment theme:


J-6 CJCSI 6215.01C
DISTRIBUTION: A, B, C, J, and S 9 November 2007


Reference(s): See Enclosure F.

1. Purpose. This instruction establishes policy consistent with DODI 8100.3
(reference oo) and prescribes responsibilities for use and operation of the DOD
voice networks, to include but not be limited to the Defense Switched Network
(DSN), the Defense RED Switch Network (DRSN), Defense Video Services (DVS)
and all Defense Information Systems Networks (DISN) that provide RTS.

2. Cancellation. CJCSI 6215.01B, 23 September 2001, is canceled.
3. Applicability. This instruction applies to Office of the Secretary of Defense,
the Military Services, Chairman of the Joint Chiefs of Staff, combatant
commands, the Office of the Inspector General of the Department of Defense,
the Defense agencies, the DOD Field Activities and all other organizational
entities in the Department of Defense (referred to hereafter collectively as “the
DOD components”) in peacetime, crisis situations, and wartime. This
instruction also identifies policy and responsibilities concerning non-DOD
governmental, foreign government, and civilian organizational requests for
DSN, DRSN and DISN Assured RTS support (DARTS). Requests for waivers
this instruction will be forwarded through the DOD component chain of
command to the Joint Staff, stating the reason compliance is not possible.

This instruction is applicable to:

a. All telecommunications switches leased, procured (whether systems or
services), or operated by any DOD component of the Department of Defense.
b. The hardware or software for sending and receiving voice, data, or video
signals across a network that provides customer voice, data, or video

CJCSI 6215.01C
9 November 2007

equipment access to the DSN, DRSN or public switched telephone networks
c. End-to-End services (e.g., phone-to-phone, video-to-video units, fax-tofax;
secure terminal equipment (STE-to-STE) to include tactical applications.
d. All technologies i.e. (circuit switch, voice over Asynchronous Transfer
Mode (ATM), and Voice over Internet Protocol (VoIP)) that use DSN or DRSN
phone numbers; or that are otherwise incorporated into the DSN or DRSN
numbering or routing plans via area code, access code, Internet Protocol (IP)
addressing scheme, etc. for the origination and reception of voice, dial-up
video, and dial-up data for routine and precedence subscribers.
e. The DOD component's planning, investment, development, operations,
and management of telecommunications switches connected to the DSN or
DRSN for processing voice, dial-up video and dial-up data.
f. All networks that provide DISN RTS.

4. Policy. The DISN provides RTS via its router networks (NIPRNET, SIPRNET
and the DISN Service Delivery Nodes) and via DSN, DRSN and DVS. DSN and
DRSN are worldwide private-line telephone sub-networks of the DISN that
provide long-haul secure and non-secure telecommunications services to DOD
component authorized users. They are the integral components of the Global
Information Grid (GIG) that provide End-to-End services to critical users at the
highest levels of Government. Connection approval shall follow the
instructions and processes in CJCSI 6211.02B (reference hh). Both DSN and
DRSN are under the management control of the Director, Defense Information
Systems Agency (DISA). As the single system manager (SSM) (reference oo), on
behalf of USSTRATCOM, for both networks and the executive agent (EA) of the
DRSN, the Director, DISA, will be responsive to the needs and requirements of
the Chairman of the Joint Chiefs of Staff (CJCS) and DOD components. This
policy supersedes CJCS messages dtg 171649Z Dec 2002 Interim Voice over IP
(VoIP), dtg 221621Z Oct 2004 Voice over Secure IP (VoSIP) Requirements.
Enclosures A, D, and E, provide policy for the DSN. Enclosures B, D, and E,
provide policy for the DRSN. Enclosure C, D, and E provide policy for RTS.
Specific responsibilities are outlined in Enclosure E.

5. Definitions

a. The DSN is an inter-base, non-secure or secure DOD
telecommunications system that provides dedicated telephone service, voiceband
data, and dial-up video teleconference (VTC) for End-to-End command
use and DOD authorized C2 and non-C2 users in accordance with (IAW)
national security directives. Non-secure dial-up voice (telephone) service is the
system's principal service. (See references a and b)

CJCSI 6215.01C
9 November 2007

b. The DRSN is a secure C2 system and is a key component of the DOD
global secure voice services. The DRSN supports secure voice and secure
conferencing requirements of the President, Secretary of Defense, Chairman of
the Joint Chiefs of Staff, DOD components, and select federal agencies in
peacetime, crisis situations, and wartime. It is a separate, secure switched
network that is considered part of the DISN. Three sub-services provide the
foundation for the DOD secure voice services: the DRSN, the secure telephone
unit-III/secure terminal equipment (STU-III/STE) and other secure
communications interoperability protocol (SCIP) equipment that provide Endto-
End encryption over the DSN, and other secure wireless products. (See
references c and d)

c. The DISN is an integrated network, centrally managed and configured,
to provide telecommunications services for all DOD activities.
This information
transfer service is designed to provide dedicated point-to-point; point-tomultipoint;
and switched voice, data, imagery, and VTC services in support of
national defense C3I decision support requirements (references e and oo). For
GIG, Wide and Metropolitan Area Networking (WAN, MAN), use of the DISN is
mandatory unless granted a waiver from the GIG Waiver Panel (reference hh).
The DISN provides RTS via its circuit switched and IP router networks. These
networks include, but are not limited to: the DSN, DRSN, DISN, and the DVS
infrastructure, the DISN WAN to include the DISN SDN and access to those
SDN, Teleport, SIPRNET, and NIPRNET. The DISN’s underlying infrastructure
is composed of three major segments or blocks IAW CJCSI 6211.02B
reference hh):

(1) The sustaining base (i.e., base, post, camp or station and
Service Enterprise Networks) command, control, communications, computers
and intelligence (C4I) infrastructure will interface with the long-haul network to
support the deployed warfighter. The sustaining base segment is primarily the
responsibility of the Services.

(2) The long-haul telecommunications infrastructure, which includes
the communication systems and services between the fixed environment and
the deployed joint task force (JTF) and/or coalition task force (CTF) warfighter.
The long-haul telecommunications infrastructure segment is primarily
responsibility of DISA.

(3) The deployed warfighter and associated combatant commander
telecommunications infrastructures supporting the JTF or CTF. The deployed
warfighter and associated combatant command telecommunications
infrastructure is primarily the responsibility of Services.

CJCSI 6215.01C
9 November 2007

d. RTSs are a subset of the four categories of services contained in the GIG
Net Centric Implementation Document (NCID) v2, Quality of Service (QoS)
(T300): Signaling, Inelastic/RTS, Preferred Elastic and Elastic.

(1) Signaling includes Network Control for managing the network.
(2) Inelastic /RTS provide GIG users with live interactive
telecommunications to include voice and video and the user signaling for
setting up and taking down sessions over the network. They also include rapid
delivery of critical C2 information involving weapons delivery capabilities.
Inelastic RTS allows for the equivalent of “Face to Face” interactions in which
both factual and emotional content of the interaction can be conveyed and the
operation of surveillance and weapons systems that require rapid message
(3) Preferred Elastic services include services such as instant
messaging, user authentication imagery, video, and audio streaming.
(4) Elastic services include services such as, e-mail, web browsing, and
document transfers.
6. Responsibilities. See Enclosure E.
7. Administration. The DOD components must develop implementing policies
and procedures for the provisions of this instructions policy. The policies and
procedures must be coordinated with and provided to DISA to ensure that they
do not adversely affect network operation. Combatant commands must
validate DOD component policies.
8. Summary of Changes. The name of this instruction is changed from "Policy
for Department of Defense Voice Networks" to "Policy for Department of
Defense (DOD) Voice Networks with Real Time Services (RTS)". This includes
the use of (Internet Protocol) IP networks to transmit voice or video services
whether wired or wireless, tactical or strategic, Sensitive But Unclassified (SBU)
or Classified (reference oo). It also applies the emerging policies of the GIG
Mission Area Initial Capabilities Document JROCOM 095-04, 14 June 2004,
Key Performance Parameters to DISN RTS to support migration to a Net Centric
NetOps environment. Additionally, this revision updates DSN and DRSN
network performance parameters, cost recovery procedures, usage and security
policy, and enhancements to switches and terminal equipment. It updates the
definition of C2 users. It also incorporates guidance for the use of Enhanced
Mobile Satellite Service (EMSS) in conjunction with the DSN, as well as
numerous administrative and procedural changes.
9. Releasability. This instruction is approved for public release; distribution is
unlimited. DOD components, other federal agencies, and the public may

CJCSI 6215.01C
9 November 2007


obtain copies of this instruction through the Internet from the CJCS Directives
Home Page --
10. Effective Date. This Instruction is effective immediately upon receipt.

Lieutenant General, USA
Director, Joint Staff


ADIMSS Advanced DSN Integrated Management Support System
A/NM Administration/Network Management
ANDVT Advanced Narrowband Digital-Voice Terminal
ANI Automatic Number Identification
AOR Area of Responsibility
APC Adaptive Protective Coding
APL Approved Product List
ARC American Red Cross
ARO Authorized Requesting Official
ASA Automatic Security Authentication
ASD(C3I) Assistant Secretary of Defense (Command, Control,
Communications and Intelligence)
ASD (NII)/DOD CIO Assistant Secretary of Defense for Networks and
Information Integration/Department of Defense Chief Information Officer.
ATC Authority to Connect
ATO Authority to Operate
ATM Asynchronous Transfer Mode
AUTOVON Automatic Voice Network
C&A Certification and Accreditation
CCB Configuration Control Board
C2 command and control
C3 command, control, and communications
C3I command, control, communications and intelligence
C4I command, control, communications; computers and
CCSD command communications service designator
CEU channel encryption unit
CIO Corporate Information Officer
CM configuration management
COCOM Combatant Command (Command Authority)
COMSEC communications security
COMPUSEC computer security
CONEXPLAN contingency and exercise plan
CONPLAN operation plan in concept format
CONUS continental United States
CPE customer premises equipment
CTF coalition task force
DAA Designated Approval Authority
DAM diagnostic acceptability measure
DCF DISN Customer Forum
DDOE DISA Direct Order Entry
DFTS Defense Fixed Telecommunications Service
DIA Defense Intelligence Agency
DISA Defense Information Systems Agency
DISAC Defense Information Systems Agency Circular
DISN Defense Information System Network
DITCO Defense Information Technology Contracting Office
DMS Defense Messaging Service
DOD Department of Defense
DPA Dual Phone Adapter
DPM digital phone multiplexers
DRSN Defense Red Switch Network
DRT diagnostic rhyme test
DSCS Defense Satellite Communications System
DSN Defense Switched Network
DTA Dual Trunk Adaptor
DVS Defense Video Services
DVX Deployable Voice Switch
DWCF Defense Working Capital Fund
EC Echo Canceller
EMSS Enhanced Mobile Satellite Service
EO End Office
EPC Enhanced Pentagon Capability
EPP Enhanced Planning Process
F Flash
FCC Federal Communications Commission
FMS foreign military sales
FO Flash Override
FOO Flash Override Override
FSAL Fixed Security Access Level
FTS Federal Telecommunications System
GAR Gateway Access Request
GETS Government Emergency Telecommunications Service
GIG Global Information Grid
GNC Global NetOps Center
GNOSC Global NetOps and Security Center
GNSC Global NetOps Support Center
GOS Grade of Service
GPS General Purpose Segment
GSCR Generic Switching Center Requirements
GSR Generic System Requirement
HEMP High-Altitude Electromagnetic Pulse
HF high frequency
HMW health, morale, and welfare
I Immediate
IA Information Assurance
IAS Integrated access Switch/System
IATO interim authority to operate
IAW in accordance with
IER In Effect Report
IP Internet Protocol
ISP Information Support Plans
ISDN Integrated Services Digital Network
IST interswitch trunk
JCSE Joint Communications Support Element
JIEO Joint Information and Engineering Organization
JITC Joint Interoperability Test Command
JTA Joint Technical Architecture
JTDLMP Joint Tactical Data Link Management Plan
JTF Joint Task Force
JTF-GNO Joint Task Force Global Network Operations
JWICS Joint Worldwide Intelligence Communications Systems
Kb Kilobits
KPP Key Performance Parameters
LAN Local Area Network
LPC linear predictive coding
MCA maximum calling area
MDA Multifunction Digital Adaptor
MFS multifunction switch
MILSTAR Military Strategic and Tactical Relay Satellite
MLPP Multilevel Precedence and Preemption
MOA memorandum of agreement
MOS mean opinion score
MOU memorandum of understanding
MTF message text format
MUF military-unique feature
NAF non-appropriated fund
NAOC National Airborne Operations Center
NATO North Atlantic Treaty Organization
NCA National Command Authorities
NCID Net Centric Implementation Document
NCN NATO Core Network
NCS National Communications System
NDN National Defense Network
NE Network Element
NIPRNET Sensitive, but unclassified Internet Protocol
Router network
NMCC National Military Command Center
NM network management
NMCC National Military Command Center
NMCS National Military Command System
NORAD North American Aerospace Defense Command
NSA National Security Agency
NS/EP National Security and Emergency Preparedness
OA&M Operation, Administration and Maintenance
OCONUS outside continental United States (CONUS)
O&M operations and maintenance
OPLAN operation plan
OSD Office of the Secretary of Defense
PAT Precedence Access Threshold
PBD Program Budget Decision
PBX Private Branch Exchange
PBX1 Private Branch Exchange Type 1
PBX2 Private Branch Exchange Type 2
PCM Pulse-code Modulation
PDC Program Designator Code
PDS protected distribution system
PIN personal identification number
PMO Program Management Office
POM Program Objective Memorandum
PSTN Public Switched Telephone Network
PTT Public Telephone and Telegraph
QoS Quality of Service
R Routine
RMC Resource Management Committee
RSU Remote Switching Unit
RTS Real Time Services
SA stand-alone
SAL security access level
SATCOM satellite communications
SBU Sensitive But Classified
SCI sensitive compartmented information
SCIF SCI facility
SCIP Secure Communications Interoperability Protocol
SDN Subscriber Directory Number
SECN Survivable Emergency Conferencing Network
SIPRNET Secret Internet Protocol Router Network
SMEO Small End Office
SMU Switch Multiplexer Unit
SSM Single System Manager
STE Secure Terminal Equipment
STEP Standardized Tactical Entry Point
STU-III Secure Telephone Unit third generation/low-cost
SVS Secure Voice System
TDL Tactical Data Links
TDM Time Division Multiplexing
T-ISP Tailored Information Support Plans
TNC Theater NetOps Center
TRI-TAC Tri-Services Tactical Communications
TSEC Telecommunications Security
TSP Telecommunications Service Priority
TR Telecom Request
TSRS Telecommunications Service Requests
UCR Unified Communications Requirements
UHF ultrahigh frequency
UMUX universal multiplexer
UN United Nations
VHF very high frequency
VOIP Voice Over Internet Protocol
VOSIP Voice Over Secure IP
VSAL variable security access level
VTC video teleconferencing
WWSVCS Worldwide Secure Voice Conferencing System
Entries here with caption (JP 1-02) are from the Department of Defense
Dictionary of Military and Associated terms (short title: Joint Publication 1-02).
JP 1-02 terminology is approved for DOD wide general use. The other
terminology is specialized and limited to the scope of this instruction.
area of responsibility (AOR). The geographical area associated with a
combatant command within which a combatant commander has authority to
plan and conduct operations. Also called AOR. (See reference bb)
automatic number Identification (ANI). A service feature in which the directory
number or equipment number of a calling station is automatically obtained.
ANI is used in message accounting. (See reference jj.)
avoidance routing. The assignment of a circuit path to avoid certain critical or
trouble-prone circuit nodes. (See reference jj.)
a. The high-traffic-density connectivity portion of any communications
b. In packet-switched networks, a primary forward-direction path traced
sequentially through two or more major relay or switching stations. Note: In
packet-switched networks, a backbone consists primarily of switches and
interswitch trunks. (See reference jj.)
combatant commander (CCDR). A commander of one of the unified or specified
combatant commands established by the President. (See reference bb)
classmark. Designator used to describe the service privileges and restrictions
for lines accessing a switch (e.g., precedence level, conference privilege,
security level, or zone restriction). (Telephony’s Dictionary, Langley, Graham,
Telephony Publishing Corp. Chicago, IL, June 1982)
command and control (C2). The exercise of authority and direction by a
properly designated commander over assigned and attached forces in the
accomplishment of the mission. Command and control functions are
performed through an arrangement of personnel, equipment, communications,
facilities, and procedures employed by a commander in planning, directing,
coordinating, and controlling forces and operations in the accomplishment of
the mission (JP1-02).
communications security (COMSEC). The protection resulting from all
measures designed to deny unauthorized persons information of value that
might be derived from the possession and study of telecommunications, or to
mislead unauthorized persons in their interpretation of the results of such
possession and study. Also called COMSEC. (See reference bb)
computer security (COMPUSEC). The protection resulting from all measures to
deny unauthorized access and exploitation of friendly computer systems. Also
called COMPUSEC. See also communications security (See reference bb)
Condor. NSA’s program to secure wireless communications.
configuration management (CM). A discipline applying technical and
administrative direction and surveillance to:
a. identify and document the functional and physical characteristics of a
configuration item
b. control changes to those characteristics
c. record and report changes to processing and implementation status.
(See reference bb.) (See reference kk.)
continental United States (CONUS). United States territory, including the
adjacent territorial waters, located within North America between Canada and
Mexico. Also called CONUS. (See reference bb.)
cryptosecurity. The component of communications security that results from
the provision of technically sound cryptosystems and their proper use. (See
also communications security). (See reference bb.) (See reference kk.)
Defense Information Systems Network (DISN). An integrated network centrally
managed and configured to provide long-haul information transfer services for
all DOD activities. It is an information transfer utility designed to provide
dedicated point-to-point, switched voice and data, imagery, and video
teleconferencing services. (See reference bb.)
Defense Switched Network (DSN). A component of the Defense Information
System Network (DISN) that handles DOD voice, data, and video
communications. (See reference bb.)
directionalization. The temporary conversion of a portion or all of a two-way
trunk group to one-way trunks favoring traffic flowing away from a congested
switch. (See reference jj.)
DSS Terminology. a. Approval. The official sanctioning effort necessary to
permit implementation of a requirement. The level at which approval must be
obtained will vary based on the type of service required (See Enclosure D).
Service approvals are not normally provided without identified funding. b.
Coordination. Any request for service that affects the network within the
geographic area of an overseas combatant command requires prior
coordination with concurrence of the affected combatant command. DISA
coordination is required for all DSN requirements. New requirements for which
funds have not been previously programmed require coordination with the
DOD component designated to provide funding. These may include
implementation costs, annual depot support costs, annual O&M costs, and a
potential increase in a DOD component’s annual DWCF bill. c. Resolution.
Forward a requirement to the Joint Staff for resolution of the action when the
view of an activity is not in accordance with current policy.d. Validation or
Revalidation. The confirmation and declaration by competent higher authority
that a requirement is justified. Requirements of a requesting agency are
validated by the applicable combatant command, Service Chief, director of
Defense agency, or head of other agency, or officials delegated this
responsibility. Joint Staff validation or revalidation, when required. Validation
or revalidation of a requirement by itself does not guarantee funding unless the
funding profile is included in the validation or revalidation process.
dual homing. The connection of a terminal so that it is served by either of two
switching centers. Note: In dual homing, a single directory number or a single
routing indicator is used. (See reference kk.)
emission security. Protection resulting from all measures taken to deny
unauthorized persons information of value that might be derived from intercept
and analysis of compromising emanations from crypto-equipment, AIS, and
telecommunications systems. (See reference kk.)
end office (EO). A central office at which user lines and trunks are
interconnected-providing long-distance service by interconnecting with DSN
nodal switches. [FS1037] EO switches provide users with switched call
connections and all DSN service features, including MLPP.
End-to-End. All DSN services beginning at the initiating users facilities until it
reaches the receiving user (e.g., phone-to-to phone, video unit-to-video unit,
fax-to-fax, STE-to-STE [Secure Terminal Equipment] and deployed
Federal Communications Commission (FCC). The US Government board of five
presidential appointees that has the authority to regulate all nonfederal
government interstate telecommunications (including radio and television
broadcasting) as well as all international communications that originates or
terminates in the United States. Note: Similar authority for regulation of
federal government telecommunications is vested in the National
Telecommunications and Information Administration. (See reference kk.)
Federal Telecommunications System (FTS). A commercial switched longdistance
telecommunications service provided for official federal government
use. Use of FTS contract services is mandatory for use by US Government
agencies for all acquisitions subject to 40 USC 759.
foreign military sales (FMS). That portion of US security assistance authorized
by the Foreign Assistance Act of 1961, as amended, and the Arms Export
Control Act of 1976, as amended. This assistance differs from the Military
Assistance Program and the International Military Education and Training
Program in that the recipient provides reimbursement for defense articles and
services transferred. (See reference bb.)
global integrated grid (GIG). A DODD 8100.1, dated 19 September 2002,
established the definition of the GIG, which by agreement among DOD CIO, the
Under Secretary of Defense (USD) for Acquisition, Technology and Logistics
(AT&L), and the Joint Staff/J-6. The GIG is defined as follows:
a. Globally interconnected, End-to-End set of information capabilities,
associated processes, and personnel for collecting, processing, storing,
disseminating, and managing information on demand to warfighters, policy
makers, and support personnel. The GIG includes all owned and leased
communications and computing systems and services, software (including
applications), data, security services, and other associated services necessary
to achieve Information Superiority. It also includes National Security Systems
(NSS) as defined in section 5142 of the Clinger-Cohen Act of 1996. The GIG
supports all DOD, National Security, and related Intelligence Community (IC)
missions and functions (strategic, operational, tactical, and business) in war
and in peace. The GIG provides capabilities from all operating locations (bases,
posts, camps, stations, facilities, mobile platforms, and deployed sites). The
GIG provides interfaces to coalition, allied, and non-DOD users and systems.
b. The GIG includes any system, equipment, software, or service that
meets one or more of the following criteria:
(1) Transmits information to, receives information from, routes
information among, or interchanges information among other equipment,
software, and services.
(2) Provides retention, organization, visualization, information
assurance, or disposition of data, information, and/or knowledge received from
or transmitted to other equipment, software, and services.
(3) Processes data or information for use by other equipment, software,
and services.
c. Non-GIG Information Technology (IT) – Stand-alone, self-contained, or
embedded IT that is not or will not be connected to the enterprise network.
Global NetOps Center. The Global NetOps Center (GNC) is the JTF-GNO
Command Center responsible for executing the daily operation and defense of
the GIG. The GNC provides overall management, control, and technical
direction for GIG NetOps and oversees collaborative coordination process
involving all CC/S/As, supporting the needs of the President, SECDEF, NetOps
Community, and the warfighting, business, and intelligence domains. (See
reference vv.)
Global NetOps Support Center (GNSC). The Global NetOps Support Center
(GNSC) provides the day-to-day technical operation, control, and management
of the portions of the GIG that support Global Operations but are not assigned
to a combatant command. The GNSC conducts GIG backbone NetOps, tactical
DISN extension via Standard Tactical Entry Point (STEP) and Teleport mission
support, provisioning of provided services, network engineering, circuit
implementation, and inter-theater connectivity among USNORTHCOM,
responsibility. The GNSC provides General Support (GS) to the TNCs, and
provides DS to the GNCCs. (See reference vv.)
grade of service (GOS).
a. The probability of a call being blocked or delayed more than a specified
interval, expressed as a decimal fraction, (e.g. P.09 means nine calls out of 100
will be blocked). GOS may be viewed independently from the perspective of
incoming versus outgoing calls and is not necessarily equal in each direction.
GOS may be applied to the busy hour or to some other specified period or set of
traffic conditions.
b. In telephony the QoS for which a circuit is designed or conditioned to
provide; e.g., voice grade or program grade. Criteria for different grades of
service may include equalization for amplitude over a specified band of
frequencies, or in the case of digital data transported via analog circuits,
equalization for phase. (See reference jj.)
high-altitude electromagnetic pulse (HEMP). An electromagnetic pulse
produced at an altitude effectively above the sensible atmosphere; i.e., above
about 120 km. (See reference kk.)
Homeland Defense (HD). The protection of United States sovereignty, territory,
domestic population, and critical infrastructure against external threats and
aggression or other threats as directed by the President. (See reference bb).
installation. A grouping of facilities located in the same vicinity “which support
particular functions”. If a facility has a functions that is part of a DOD
organization’s mission, then it would be considered an installation. Example:
DISA HQ and the Navy Annex have functions that are required organizational
functions and are considered installations.
Integrated Services Digital Network (ISDN). An integrated digital network in
which the same time-division switches and digital transmission paths are used
to establish connections for different services. ISDN services include
telephone, data, electronic mail, and facsimile. The method used to accomplish
a connection is often specified (e.g., switched connection, non-switched
connection, exchange connection, or ISDN connection). (See reference jj.)
Joint Worldwide Intelligence Communications System (JWICS). The sensitive
compartmented information portion of the Defense Information System
Network. It incorporates advanced networking technologies that permit pointto-
point or multipoint information exchange involving voice, text, graphics,
data, and video teleconferencing, also called JWICS (See reference bb.)
linear predictive coding (LPC). A method of digitally encoding analog signals,
which uses a single-level or multilevel sampling system in which the value of
the signal at each sample time is predicted to be a linear function of the past
values of the quantized signal. Note: LPC is related to APC in that both use
adaptive predictors. However, LPC uses more prediction coefficients to permit
use of a lower information bit rate than APC, and thus requires a more complex
processor. (See reference jj.)
maximum calling area (MCA). Geographic calling limits permitted to a
particular access line based on requirements for the particular line. Note:
MCA restrictions are imposed for network control purposes. (See reference jj.)
Multilevel Precedence and Preemption (MLPP). In military communications, a
priority scheme: a. for assigning one of several precedence levels to specific
calls or messages so that the system handles them in a predetermined order
and timeframe
b. for gaining controlled access to network resources in which calls and
messages can be preempted only by higher priority calls and messages
c. that is recognized only within a predefined domain
d. in which the precedence level of a call outside the predefined domain is
usually not recognized. (See reference jj.)
National Command Authorities (NCA). The President and the Secretary of
Defense or their duly deputized alternates or successors. (See reference bb.)
National Communications System (NCS). a. The organization established by
section 1(a) of Executive Order No. 12472 to assist the President, the National
Security Council, the Director of the Office of Science and Technology Policy,
and the Director of the Office of Management and Budget, in the discharge of
their national security emergency preparedness telecommunications functions.
The NCS consists of both the telecommunications assets of the entities
represented on the NCS Committee of Principals and an administrative
structure consisting of the EA, the NCS Committee of Principals, and the
Manager. (See reference p) b. The telecommunications system that results
from the technical and operational integration of the separate
telecommunications systems of the several executive branch departments and
agencies having a significant telecommunications capability. (See reference bb.)
National Security or Emergency Preparedness (NS/EP) telecommunications.
Telecommunications services that are used to maintain a state of readiness or
to respond to and manage any event or crisis (local, national, or international)
that causes or could cause injury or harm to the population, damage to or loss
of property, or degrade or threaten the national security or emergency
preparedness posture of the United States. (See reference jj.)
Network Management (NM). The execution of the set of functions required for
controlling, planning, allocating, deploying, coordinating, and monitoring the
resources of a telecommunications network, including performing functions
such as initial network planning, frequency allocation, predetermined traffic
routing to support load balancing, cryptographic key distribution
authorization, configuration management, fault management, security
management, performance management, and accounting management. Note:
NM does not include user terminal equipment. (See reference jj.)
nodal switch. A tandem switch in the DSN that connects multiple EOs,
provides access to a variety of transmission media, routes calls to other nodal
switches, and provides network features such as MLPP. Nodal switches are
supervised by and interconnected to the DSN A/NM subsystem. The two types
of nodal switches in the DSN are:
a. stand-alone switch (SA). The SA functions solely as a tandem switch in
the DSN.
b. multifunction switch. This switch incorporates the combined functions
of an SA switch and an EO switch. No physical division exists between the EO
and SA functions within the MFS, but a logical division exists.
nonappropriated funds (NAF). Funds generated by DOD military and civilian
personnel and their dependents and used to augment funds appropriated by
the US Congress to provide a comprehensive, morale-building welfare,
religious, educational, and recreational program designed to improve the wellbeing
of military and civilian personnel and their dependents. (See reference
outside continental United States (OCONUS). World wide area outside the
United States territory, including the adjacent territorial waters, located within
North America between Canada and Mexico.
a. In telephony, the condition that exists when an operational telephone
instrument or other user instrument is in use; (i.e., during dialing or
communicating). Note: Off-hook originally referred to the condition that
prevailed when the separate ear piece (receiver) was removed from its switch
hook, which extended from a vertical post that also supported the microphone
and connected the instrument to the line when not depressed by the weight of
the receiver. b. One of two possible signaling states, such as tone or no tone
and ground connection versus battery connection. If off-hook pertains to one
state, on-hook pertains to the other. c. The active state, i.e., closed loop, of a
subscriber or PBX user loop.
d. An operating state of a communications link in which data transmission
is enabled either for voice or data communications or network signaling. (See
reference kk.)
off-net calling. The process by which telephone calls that originate or pass
through private switching systems in transmission networks are extended to
stations in a public switched telephone system.
physical security. The component of communications security that results
from all physical measures necessary to safeguard classified equipment,
material, and documents from access thereto or observation thereof by
unauthorized persons. (See reference bb.)
precedence. In communications, a designation assigned to a message by the
originator to indicate to communications personnel the relative order of
handling and to the addressee the order in which the message is to be noted.
(See reference bb.) The ascending order of precedence for military messages is
a. ROUTINE. Precedence designation applied to official US Government
communications that require rapid transmission by telephonic means but do
not require preferential handling.
b. PRIORITY. Precedence reserved generally for telephone calls requiring
expeditious action by called parties and/or furnishing essential information for
the conduct of US Government operations.
c. IMMEDIATE. Precedence reserved generally for telephone calls
pertaining to: (1) Situations that gravely affect the security of national
and allied forces (2) Reconstitution of forces in a post attack period.
(3) Intelligence essential to national security. (4) Conduct of
diplomatic negotiations to reduce or limit the threat of war. (5)
Implementation of federal government actions essential to national survival.
(6) Situations that gravely affect the internal security of the United States.
(7) Civil Defense actions concerning US population. (8) Disasters
or events of extensive seriousness having an immediate and detrimental effect
on the welfare of the population. (9) Vital information having an immediate
effect on aircraft, spacecraft, or missile operations.
d. FLASH. Precedence reserved generally for telephone calls pertaining to:
(1) Command and control of military forces essential to defense and
(2) Critical intelligence essential to national survival.
(3) Conduct of diplomatic negotiations critical to the arresting or
limiting of hostilities.
(4) Dissemination of critical civil alert information essential to national
(5) Continuity of federal government functions essential to national
(6) Fulfillment of critical US internal security functions essential to
national survival.
(7) Catastrophic events of national or international significance.
e. FLASH OVERRIDE. A capability available to:
(1) The President of the United States, Secretary of Defense, and Joint
Chiefs of Staff.
(2) Commanders of combatant commands when declaring Defense
Condition One or Defense Emergency.
(3) USNORAD when declaring either Defense Condition One or Air
Defense Emergency and other national authorities the President may
(4) FLASH OVERRIDE cannot be preempted in the DSN.
(5) FLASH OVERRIDE. A DRSN capability available to:
(a). The President of the United States, Secretary of Defense, and
Joint Chiefs of Staff.
(b). Commanders of combatant commands when declaring Defense
Condition One or Defense Emergency.
(c). USNORAD when declaring either Defense Condition One or Air
Defense Emergency and other national authorities that the President may
authorize in conjunction with Worldwide Secure Voice Conferencing System
(WWSVCS) conferences.
FLASH OVERRIDE cannot be preempted.
preemption. The ruthless seizure -- usually automatic -- of a path through the
military telephone system that is being used to serve lower precedence calls in
order to immediately serve a higher precedence call. (See reference jj.)
Primary Switch. An installation switch (e.g., EO) that provides direct
connections to user’s terminals and the bulk of the installation’s inter-DOD
mission communications. Large installations may have multiple EOs that
provides a significant amount of DOD communications for multiple missions of
the whole installation or serve individual tenant organizations on an
private branch exchange (PBX). 1. a. A telecommunications switch, owned
by a DOD Component that usually includes access to the public switch
network. b. A switch that serves a selected group of users and is subordinate
to a switch at a higher level in the DSN hierarchy.
c. A private telephone switchboard that provides on-premises dial service
and may provide connections to local and trunked communications networks.
Note: A PBX operates with only a manual switchboard. A private automatic
exchange PAX does not have a switchboard.(See reference jj.)
protected distribution system (PDS). A wireline or fiber-optics
telecommunication system that includes terminals and adequate acoustical,
electrical, electromagnetic, and physical safeguards to permit its use for the
unencrypted transmission of classified information: A complete PDS includes
the subscriber and terminal equipment and the interconnecting lines. (See
reference jj.)
public switched telecommunications network (PSTN). Global collection of
private and US Government interconnected public telephone networks
providing voice and data communications via switched lines. Any commoncarrier
network that provides circuit switching among public users. Note: The
term is usually applied to public switched telephone networks, but it could be
applied more generally to other switched networks, such as packet-switched
public data networks. (See reference jj.)
Real Time Services (RTS). A subset of the four categories of services contained
in the GIG NCID, QoS (T300). The four categories of services are Signaling,
Inelastic/Real Time, Preferred Elastic and Elastic. Signaling includes both
Network Control and User Signaling for managing the network and setting up
and taking down sessions over the network. Inelastic RTS provide GIG users
with primarily live interactive services that are that are extremely sensitive to
packet delay, jitter and loss to include voice, video, multimedia
communications or rapid delivery of critical command and control information
involving weapons delivery capabilities that clearly allow for (1) the equivalent
of “Face to Face” interactions in which both factual and emotional content of
the interaction can be conveyed and (2) operation of surveillance and weapons
systems that require rapid message delivery.
satellite communications (SATCOM). A telecommunications service provided
via one or more satellite relays and their associated uplinks and downlinks.
(reference jj.)
Secure Communications Interoperability Protocol (SCIP). SCIP is the US
Government's standard for secure voice and data communication and was
adopted to replace the FNBDT (Future Narrowband Digital Terminal) title in
2004. SCIP systems have been in use since 2001, beginning with the CONDOR
secure cell phone. The standard is designed to cover wideband as well as
narrowband voice and data security.
SECRET Internet Protocol Router Network (SIPRNET). Worldwide SECRETlevel
packet switch network that uses high-speed Protocol routers and highcapacity
Defense Information Systems Network circuitry. (See reference bb.)
split homing. The connection of terminal equipment to more than one
switching center by separate access lines, each of which has a separate
directory number. (See reference jj.)
tactical communications. Communications in which information of any kind,
especially orders and decisions, are conveyed from one command, person, or
place to another within the tactical forces, usually by means of electronic
equipment, including communications security equipment, organic to the
tactical forces. Tactical communications do not include communications
provided to tactical forces by the DISN, to non-tactical military commands and
to tactical forces by civil organizations. (See reference jj.)
tandem. Pertaining to an arrangement or sequencing of networks, circuits, or
links, in which the output terminals of one network, circuit, or link are
connected directly to the input terminals of another network, circuit, or link.
(See reference jj.)
tandem office. A central office that serves local subscriber loops and also is
used as an intermediate switching point for traffic between central offices.(See
reference jj)
Telecommunications Service Priority (TSP) service. A regulated service provided
by a telecommunications provider, such as an operating telephone company or
a carrier, for NS/EP telecommunications. Note: The TSP service replaced
Restoration Priority service effective September 1990. (See reference jj.)
Theater NetOps Center (TNC). Each TNC provides direct support to its TNCC,
ensuring the effective operation and defense of the GIG within the theater. The
TNC is OPCON to JTF-GNO and offers onsite, theater support. Each TNC can
issue technical directives to STNOSCs/Agency Theater Network Operations and
Security Centers (ATNOSCs). The TNC develops, monitors and maintains a
GIG SA view for the theater. The theater GIG Situational Awareness (SA) view
is aggregated and segmented based on requirements provided by the TNCC as
derived from the GIG common SA standards. The GIG SA view will include
pertinent theater, operational, and tactical-level system and network, GND,
and GCM status. Coordination with the TNCC is paramount especially with
regards to reporting requirements and SA. (See reference vv.)
Theater NetOps Control Center (TNCC). The primary mission of the TNCC is to
lead, prioritize, and direct theater GIG assets and resources to ensure they are
optimized to support the GCC’s assigned missions and operations, and to
advise the combatant command of the GIG’s ability to support current and
future operations. The specific roles of the TNCC include monitoring of the GIG
assets in their theater, determining operational impact of major degradations
and outages, leading and directing responses to degradations and outages that
affect joint operations, and directing GIG actions in support of changing
operational priorities. The TNCC leads the combatant command response to
NetOps events and responds to JTF-GNO direction when required to correct or
mitigate a global NetOps issue. (See reference vv.)
transmission security. The component of communications security that results
from the application of measures designed to protect transmissions from
interception and exploitation by means other than crypto-analysis. (See
reference jj.)
TRI-TAC. Acronym for tri-services tactical. See tactical communications. (See
reference jj.)
TRI-TAC equipment. Equipment that accommodates the transition from
current manual and analog systems to fully automated digital systems and
provides for message switching, voice communications circuit switching, and
the use of secure voice terminals, digital facsimile systems, and user digital
voice terminals. (See reference jj.)
ultrahigh frequency (UHF). Frequencies from 300 MHz to 3000 MHz. (See
reference jj.)
user. A person, organization, or other entity (including a computer or
computer system) that employs the services provided by a telecommunications
system or an information processing system for transfer of information

Offline infowarrior_039

  • Member
  • *****
  • Posts: 789
  • explosions in the sky
    • Truth Archive
Re: DoD - Juniper Networks- DISA - DSN - JITC - GIG - Cyber Security
« Reply #2 on: August 29, 2009, 04:52:43 pm »
another simmilar policy:



References: See Enclosure E.

1. Purpose. This instruction establishes policy and responsibilities for
the connection of information systems (ISs) (e.g., applications, enclaves,
or outsourced processes) to the Defense Information System Network
a. Additional policies governing other subnetworks of the DISN
networks are covered in the following instructions:
(1) Chairman of the Joint Chiefs of Staff Instruction (CJCSI)
6250.01, “Satellite Communications” (reference a).
(2) CJCSI 6215.01, “Policy for Department of Defense Voice
Networks” (reference b).
b. Policy on sensitive compartmented information (SCI) is covered in
Director of Central Intelligence Directive (DCID) 6/3, “Protecting
Sensitive Compartmented Information within Information Systems”
(reference c).
c. This instruction does not cover connection policy to research,
development, test, and evaluation networks such as the Defense
Research and Engineering Network or Advanced Concept Technology
Demonstration networks.1
1 These networks must follow DISN connection and DOD cross domain processes and procedures
if connecting to the DISN.

CJCSI 6211.02C
9 July 2008

2. Cancellation. CJCSI 6211.02B, 31 July 2003, “Defense Information
System Network (DISN): Policy, Responsibilities and Processes,” is
3. Applicability. This instruction applies to the Joint Staff; combatant
commands, Services, and Defense agencies (CC/S/As); and DOD field
and joint activities, including DOD and Service Nonappropriated Fund
Instrumentalities. This instruction also applies to non-DOD
governmental DISN users and contractors in facilities that interconnect
with the DISN.

4. Policy. See Enclosure A.
5. Responsibilities. See Enclosure B.
6. Summary of Changes. This revision updates CJCSI 6211.01B. It

a. Moves to the concept of baseline CD services and solutions (i.e.,
enterprise CD services, centralized CD solutions, and baseline point
solutions) providing the primary capabilities for information sharing
between different security domains.
b. Replaces DISN Designated Approving Authorities (DISN DAAs)
with the new DOD Principal Accrediting Authorities (PAAs). Additionally,
replaces the DISN Flag Panel with the DISN/Global Information Grid
(GIG) Flag Panel.
c. Updates certification and accreditation (C&A) guidance based on
the DOD Information Assurance Certification and Accreditation Process
(DIACAP) implementation in accordance with (IAW) DOD Instruction
(DODI) 8510.01 (see reference d).
d. Focuses on policy and responsibilities. Specific process steps will
be maintained and updated as required by the Defense Information
Systems Agency (DISA).
e. Transfers Cross Domain Solutions Assessment Panel
responsibilities to Cross Domain Resolution Board (CDRB) chaired by the
Director, Unified Cross Domain Management Office (UCDMO).
f. Makes CC/S/A headquarters responsible for endorsing and
validating requirements for CC/S/A organization CD information transfer
and non-DOD connection requests.

CJCSI 6211.02C
9 July 2008

g. Adds DOD requirement to register ISs connected to the DISN in
the DOD Information Technology (IT) Portfolio Repository (DITPR) or the
SECRET Internet Protocol Router Network (SIPRNET) IT Registry.
h. Adds UCDMO responsibilities and roles.
i. Provides updated guidance on official and authorized use of DISN
IAW DOD Regulation 5500.7-R (reference e). Additionally, updates
guidance covering violations of standards of conduct prescribed in the
regulation IAW DODD 5500.7 (reference f).
j. Provides reciprocity guidance for connection of ISs to facilitate the
establishment of joint bases, combatant command operational
requirements, and the migration to net-centric warfare.
7. Definitions. See Glossary. Major source documents for definitions in
this instruction are Joint Publication (JP) 1-02, “DOD Dictionary of
Military and Associated Terms,” (reference g) and Committee on National
Security Systems (CNSS) Instruction (CNSSI) 4009, “National Information
Assurance Glossary” (reference h).
8. Releasability. This instruction is approved for public release;
distribution is unlimited. DOD components (including combatant
commands), other federal agencies, and the public may obtain copies of
this instruction through the Internet from the CJCS Directives Home
Page --

9. Effective Date. This instruction is effective immediately.
For the Chairman of the Joint Chiefs of Staff:




1. Defense Information System Network (DISN) Background
a. The DISN is a composite of DOD-owned and leased
telecommunications subsystems and networks. It is DOD’s worldwide
enterprise-level telecommunications infrastructure providing end-to-end
information transfer in support of military operations. The DISN
facilitates information resource management and supports national
security as well as DOD needs. As a critical portion of the GIG, the DISN
furnishes network services to DOD installations and deployed forces.
Those services include voice, data, video, messaging, and other unified
capabilities along with ancillary enterprise services such as directories.
The DISN has three segments: sustaining base, long-haul, and deployed.
(1) The sustaining base infrastructure (i.e., base, post, camp or
station, and Service enterprise enclaves) interfaces with the long-haul
infrastructure to support strategic/fixed environment user
telecommunications requirements. The sustaining base segment is
primarily the responsibility of the CC/S/A.
(2) The long-haul telecommunications infrastructure and its
associated services are the responsibility of the DISA.
(3) The deployed warfighter and associated combatant commander
telecommunications infrastructures support the Joint Task Force and/or
Combined Task Force. The combatant command and subordinate
Service components have primary responsibility for the deployed
warfighter and associated combatant command telecommunications
infrastructure within the theater.
b. The DISN provides the GIG transfer infrastructure by connecting
separate CC/S/A and field activity ISs into a DOD enterprise-wide
network to meet common-user and special purpose information transfer
c. DISN information transfer facilities support secure transport
requirements for subnetworks such as the Defense Switched Network
(DSN), Defense Red Switch Network (DRSN), Non-Secure Internet
Protocol Router Network (NIPRNET),2 SIPRNET, DISN Video Services
2 Based on DOD dictionary and JP 1-02 (reference g). Other uses of the acronym include
Unclassified But Sensitive Internet Protocol Router Network (DOD IT Portfolio Registry) and Non-
Classified Internet Protocol Router Network (DODI 8500.2 (reference k)).

CJCSI 6211.02C
9 July 2008

Enclosure A

(DVS) Network, Enhanced Mobile Satellite Services (EMSSs), and other
government agency networks.
d. The DISN's long-haul telecommunications infrastructure is
designated as a mission critical3 and mission assurance category (MAC) I
national security system (NSS). The DISN and its subnetworks must be
operated and protected IAW DODD 8500.01E (reference i) and other
8500 series issuances.
(1) The DISN SIPRNET, NIPRNET, DRSN, and EMSS subnetworks
are designated as mission critical IAW DODI 5000.2 (reference j).
(2) The DISN SIPRNET, DRSN, and EMSS subnetworks are
designated as MAC I ISs handling information vital to the operational
readiness or mission effectiveness of deployed and contingency forces in
terms of content and timeliness. These subnetworks must implement
designated MAC I information assurance (IA) controls IAW DODI 8500.2
(reference k) and DODI 8510.01 (reference d).
2. Policy
a. DOD will use DISN services to satisfy DOD long-haul and wide
area network transfer communications requirements IAW DODI 4640.14
(reference l).
b. The DISN will use secure configurations of approved IA and IAenabled
IT products (i.e., National Information Assurance
Partnership/Federal Information Processing Standards
evaluated/approved products), certified IA personnel, and strict
configuration control.
c. DOD ISs4 connected to DISN must be certified and accredited IAW
applicable guidance and processes (i.e., DODI 8510.01 (reference d),
DODI 8100.3 (reference m), or DCID 6/3 (reference c)).
3 A system that meets the definitions of “information system” and “national security system” in
the Clinger Cohen Act, the loss of which would cause the stoppage of warfighter operations or
direct mission support of warfighter operations. See DODI 5000.2 (reference j).
4 Includes DOD-owned ISs and DOD-controlled ISs operated on behalf of the Department for
Defense that receive process, store, display, or transmit DOD information, regardless of
classification or sensitivity.

CJCSI 6211.02C
9 July 2008

Enclosure A

d. Non-DOD (see Glossary) ISs operating on behalf of the
Department of Defense must be certified and accredited IAW applicable
DOD guidance and processes (i.e., DODI 8510.01 (reference d) or DOD
5220.22-M, “National Industrial Security Program Operating Manual”
(NISPOM) (reference n)).
e. DOD ISs must be registered in the DITPR or the SIPRNET IT
registry by the responsible CC/S/As or field activities IAW DOD Chief
Information Officer (CIO) memorandum (reference o).
f. Non-DOD ISs operating on behalf of the Department of Defense
must be registered in the DITPR or the SIPRNET IT registry by the
sponsoring CC/S/As or field activities IAW DOD CIO memorandum
(reference o).
g. Unclassified IS applications connected to the DISN must be
registered in the systems/networks approval process (SNAP) system
Web-based application, the systems approval process (SysAP).
h. DOD ISs connected to the DISN must be covered by accredited
Computer Network Defense Service (CNDS) providers IAW DODD
O-8530.1 (reference p).
i. Non-DOD ISs connected to the DISN must be covered by
accredited CNDS providers IAW DODD O-8530.1 (reference p).5
j. Direct or indirect DISN connections must follow the connection
policies and responsibilities established in this instruction. They must
also follow DISA connection request procedures, requirements, and
processes. Connections for SCI ISs will be IAW DCID 6/3 (reference c).
k. Tunneling of classified Secret information over transport other
than SIPRNET must use National Security Agency (NSA)/Central
Security Service (CSS) approved cryptography. Data must be encrypted
by NSA/CSS approved Type-1 cryptography when transported over a
network not cleared at or above the highest level of classification of the
5 The sponsoring CC/S/A or field activity must ensure that the CNDS provider requirement is defined in a
contract, MOA, or MOU with the non-DOD organization or entity.

CJCSI 6211.02C
9 July 2008


Enclosure A

l. Connections among ISs of different security domains will be IAW
this instruction, DODD 8500.01E (reference i), DODD O-8530.1
(reference p), and other applicable DOD issuances and instructions.
Connections to SCI ISs must be IAW DCID 6/3 (reference c).6
(1) Connections of non-DOD ISs to the DISN must be sponsored,
endorsed, and validated by the CC/S/A or field activity headquarters and
approved by the Office of the Assistant Secretary of Defense for Networks
and Information Integration (OASD(NII)/DOD CIO).
(2) All non-DOD connections to DISN require a DOD sponsor,
separate connection request, and filtered access.
(3) Contractor ISs connected to the DISN must comply with this
instruction, guidelines issued by DISA as the operating entity, and DOD
5220.22-M, NISPOM (reference n).7
m. Cross Domain Information Transfer Requirements and
(1) CD information transfers must be used only to meet CC/S/A
and field activity compelling mission requirements and must be validated
by CC/S/A or field activity headquarters.
(2) CD information transfer requirements will be prioritized based
on the National Military Strategic Plan for the War on Terrorism
(reference q) priorities and the military objectives in the National Military
Strategy (reference r).
(3) CD information transfer requirements will employ baseline
capabilities and technologies8 in the following order:
(a) Enterprise CD services, which are used to connect ISs of
different security domains, will be established to fulfill operational
requirements across the DOD enterprise.
(b) Centralized CD solutions, which are centrally managed and
owned by a single DOD component, will be established to fulfill
operational requirements across multiple organizations.
6 SCI CD connections to a collateral DISN system will be documented in the system’s DOD
accreditation package.
7 Defense Security Service has been assigned as the Cognizant Security Office for DOD
implementation of the NISPOM.
8 The Cross Domain Baseline can be found at

CJCSI 6211.02C
9 July 2008

Enclosure A

(c) Baseline point CD solutions approved for operational use
will be used only when an enterprise CD service or centralized CD
solution is not available.
(4) When existing CD baseline services or capabilities cannot meet
operational requirements, the development of new solutions must be
approved IAW this instruction.
n. A DOD inspection, site visit, and assessment program9 will
support connected ISs.
(1) All ISs connected to the DISN are subject to electronic
monitoring for communications management and network security. This
includes site visits, compliance inspections, and remote vulnerability
assessments to check system compliance with configuration standards.
(2) Scanning and monitoring by organizations external to a
CC/S/A or field activity must be pre-coordinated at least 24 hours prior
to the event.10
o. Survivability enhancements in transmission paths, routing,
equipment, and associated facilities must be implemented in ISs
supporting critical CC/S/A mission requirements based on the
commander’s or director’s formal risk management process IAW DODI
8510.01 (reference d).
p. Personnel with access or privileged access to the DISN will meet
the personnel security requirements IAW DOD 5200.2-R (reference s).
q. The DISN is the DOD’s worldwide enterprise-level
telecommunications infrastructure. It is critical to planning, mobilizing,
deploying, executing, and sustaining U.S. military operations (DODD
3020.40 (reference t)).
3. Official and Authorized Use of DISN. The DISN must be used only for
official and authorized purposes IAW DOD 5500.7-R (reference e).11 Use
of the DISN for non-official purposes must be authorized in writing by
the CC/S/A Component head.
9 See Enclosure D, DISN Security Information Assurance Program.
10 This will occur with at least 24 hours notification and coordination with the CC/S/A or field
activity DAA or appointed representative and U.S. Strategic Command (USSTRATCOM).
11Federal government communication systems and equipment (including government-owned
telephones, facsimile machines, electronic mail, Internet systems, and commercial systems when
use is paid for by the federal government) shall be for official use and authorized purposes only.

CJCSI 6211.02C
9 July 2008

Enclosure A

a. CC/S/As may authorize categories of non-official communication
after determining that such communications:
(1) Do not adversely affect the performance of official duties by the
DOD employee or CC/S/A or field activity.
(2) Are of reasonable duration and frequency and, whenever
possible, are made during the DOD employee’s or military member’s
personal time (such as after normal duty hours or during lunch periods).
(3) Serve a legitimate public interest such as enabling DOD
employees or military members to stay at their desks rather than leave
the work area to use commercial communication systems.
(4) Do not overburden the communication system and create no
significant additional cost to DOD, CC/S/A, or field activity.
b. DOD 5500.7-R (reference e) states that authorized purposes might
include brief communications made by military members and DOD
employees during official travel to notify family members of
transportation or schedule changes. They may also include reasonable
personal communications from the military member or DOD employee at
his or her workplace (such as checking with spouses or minor children;
scheduling doctor, automobile, or home repair appointments; brief
Internet searches; or e-mailing directions to a visiting relative).
c. CC/S/A directors or military commanders may prohibit use of
government communications systems and equipment, or filter access to
commercial Web sites or services, to defend DOD’s IT resources and
ensure sufficient bandwidth is available for DOD operations. Examples
of situations where access may be prohibited or filtered include the
(1) Accessing streaming video or radio Web sites.
(2) Accessing personal commercial e-mail accounts (e.g., Hotmail,
Yahoo, AOL, etc.) from government computers.
d. Unauthorized DISN uses include the following:
(1) Use, loading, or importing of unauthorized software (e.g.,
applications, games, peer-to-peer software, movies, music videos or files,

CJCSI 6211.02C
9 July 2008

Enclosure A

(2) Accessing pornography.
(3) Unofficial advertising, selling, or soliciting (e.g., gambling,
auctions, stock trading, etc.).
(4) Improperly handling classified information.
(5) Using the DISN to gain unauthorized access to other systems
and/or networks.
(6) Endorsing any product or service, participating in any lobbying
activity, or engaging in any prohibited partisan political activity.
(7) Posting DOD information to external newsgroups, bulletin
boards, or other public forums without authorization.
(8) Other uses incompatible with public service.
e. DODD 5500.7 (reference f) states penalties for violation of the
standards of conduct prescribed in DOD 5500.7-R (reference e) that
include statutory and regulatory sanctions such as judicial (criminal and
civil) and administrative actions for DOD civilian employees and
members of the Military Departments.
(1) The provisions concerning the official and authorized use of the
DISN (federal communications) in DOD 5500.7-R (reference e) constitute
lawful general orders or regulations within the meaning of Article 92
(section 892 of reference u) of the Uniform Code of Military Justice
(UCMJ), are punitive, and apply without further implementation. In
addition to prosecution by court-martial under the UCMJ, a violation
may serve as a basis for adverse administrative action and other adverse
action authorized by United States Code (USC) or federal regulations. In
addition, violation of any provision in DOD 5500.7-R (reference e) may
constitute the UCMJ offense of dereliction of duty or other applicable
punitive articles.
(2) Violation of any provision in DOD 5500.7-R (reference e) by
DOD civilian employees may result in appropriate criminal prosecution,
civil judicial action, disciplinary or adverse administrative action, or
other administrative action authorized by USC or federal regulations.

CJCSI 6211.02C
9 July 2008

Offline infowarrior_039

  • Member
  • *****
  • Posts: 789
  • explosions in the sky
    • Truth Archive
Re: DoD - Juniper Networks- DISA - DSN - JITC - GIG - Cyber Security
« Reply #3 on: August 29, 2009, 05:12:24 pm »

Sycamore Networks, Inc.

Government Networks:

Secure mission-critical communications and transform critical infrastructure with exceptional interoperability, capacity, and intelligence

Solutions for
Government Networks


The power to transform at your command
Depends on multiservice flexibility and mission-critical reliability

Features and Benefits Application Highlights Related Products JITC-certified multiservice switching platforms work within budget constraints to deliver high-speed bandwidth and efficient, net-centric operations. Standards-based interoperability accommodates existing and emerging applications, facilitates seamless evolution, and improves inter-agency communications.

Transformation – Consolidate multiple network elements into one compact system
Survivability – Empower mission-critical service availability and optical mesh resiliency
Scalability – Enable scalable multiservice communications – unified from edge to core
Security – Protect vital information using central authentication and strong encryption
Manageability – Optimize performance and capacity utilization with unmatched network and service awareness, end-to-end intelligence, and advanced modeling tools


Intelligent, packet-optimized networking platforms keep pace with our customers' needs for enhanced broadband service delivery, increased network resiliency, and cost-effective migration strategies. By simplifying operations and helping network operators manage bandwidth capacity more efficiently, Sycamore products dramatically reduce network cost and complexity.

Intelligent Multiservice/Optical Switching Products  SN 16000 Intelligent Optical Switch High-capacity bandwidth management and mesh resiliency for the optical core

 SN 9000 Intelligent Multiservice Switch Packet/optical grooming and aggregation for the metro and regional core
 SN 3000 Intelligent Optical Edge Switch Multiservice flexibility and reliable performance at the network edge
 SILVX® Network Management Scalable, unified network management system common to all SN switches
 BroadLeaf® Networking Software ASON/GMPLS-compliant control plane shared across SN switching platforms
Digital Cross-Connect and Access Gateway Products  DNX Cross-Connect Platform Aggregation, grooming, and access concentration from DSO to OC-3/STM-1
 ENvision Plus Network Management Comprehensive management system for DNX cross-connect platforms
 DNX-1u Access Gateway TDM grooming and remote cell site management for the mobile RAN
 IAB-3000 Integrated Access Bank Compact and economical channel bank for multiservice voice/data access
 SPS-1000 Signal Processing System Voice conferencing and data bridging for SCADA/telemetry applications


Intelligent Optical Switching at the DISA Network Core
The Global Information Grid-Bandwidth Expansion (GIG-BE) Project

Some Communications Really Are Mission-Critical

When the US Department of Defense (DoD) decided they needed a super-high-speed network, they soon realized the best course of action was to build their own. The result –
the Global Information Grid-Bandwidth Expansion (GIG-BE) project – formed a state-of-the-art network foundation for DoD communications, under the jurisdiction of their Defense Information Systems Agency (DISA).
GIG-BE created a robust, IP-based network where bandwidth is no longer a constraint and vast quantities of information can be distributed, analyzed, and shared in a more efficient and effective manner. The new network ensures secure, high bandwidth capability over a physically diverse, optical mesh architecture that interconnects key intelligence, command, and operational locations throughout the continental United States (CONUS), Pacific, and European Theaters.
We’re proud to say that Sycamore intelligent optical switching technology plays a pivotal role in providing connectivity for one of the world’s most advanced and technically innovative networks.

About DISA

The GIG-BE project is a highly strategic initiative of the Defense Information Systems Agency (DISA) within the US Department of Defense (DoD). DISA is a combat support agency responsible for planning, engineering, acquiring, fielding, and supporting global net-centric solutions and operating the Global Information Grid to serve the needs of the President, Vice President, Secretary of Defense, Joint Chiefs of Staff, Combatant Commanders, and other DoD Components under all conditions of peace and war.

DISA is the preferred provider of Global Net-Centric Solutions for the Nation’s warfighters and all those who support them in defense of the Nation. For more information, visit

Why the World’s Best Consistently Choose Sycamore

After rigorous testing of the leading optical switch products, DISA and SAIC concluded that the Sycamore switch represented the best technical solution, based on their evaluation criteria:

- Operationally proven product reliability
- Advanced networking software intelligence
- Industry-leading switch capacity and system scalability
- Support for diverse protection schemes
- Advanced network emulation and design tools

GIG-BE was operational by year-end 2005 and, after follow-on evaluation, accredited to support very high-speed traffic classified up to and including Top Secret. Achieving DISA’s vision of “a color to every base” entailed physically diverse network access and substantial upgrades to the optical backbone. GIG-BE met this objective in a state-of-the-art switched optical network with 10 Gbps OC-192 or faster connections serving 85 sites throughout the world.

The ultimate goal is to bring the efforts of the military, the intelligence community, and other coalition forces together to ensure US forces get the information they need to complete a mission in as near real-time as possible. Taking the next step in that direction, the GIG-BE team is planning for the transformation and optimization of DISN subsystems (voice, data, video). They intend to provide converged services by the end of the decade. It’s a safe bet they will.

Offline infowarrior_039

  • Member
  • *****
  • Posts: 789
  • explosions in the sky
    • Truth Archive
Re: DoD - Juniper Networks- DISA - DSN - JITC - GIG - Cyber Security
« Reply #4 on: August 29, 2009, 05:19:02 pm »


Company Overview – Intelligent Bandwidth Management (PDF 158 KB)
Empowering Connections for Government Networks (PDF 1.4 MB)
Intelligent Multiservice/Optical Switching Products
Product Brief: SN 16000 Intelligent Optical Switching Platform – Service Provider (PDF 830 K)
Product Brief: SN 16000 Intelligent Optical Switching Platform – Government (PDF 833 K)
Product Brief: SN 9000 Intelligent Multiservice Switch – Service Provider (PDF 1.2 MB)
Product Brief: SN 9000 Intelligent Multiservice Switch – Government (PDF 1.2 MB)
Product Brief: SN 3000 Intelligent Optical Edge Switch (PDF 705 KB)
Datasheet: SN 16000 Intelligent Optical Switching Platform – Service Provider (PDF 340 KB)
Datasheet: SN 16000 Intelligent Optical Switching Platform – Government (PDF 340 KB)
Datasheet: SN 9000 Intelligent Multiservice Switch – Service Provider (PDF 577 KB)
Datasheet: SN 9000 Intelligent Multiservice Switch – Government (PDF 577 KB)
Datasheet: SN 3000 Intelligent Optical Edge Switch – Service Provider (PDF 363 KB)
Datasheet: SN 3000 Intelligent Optical Edge Switch – Government (PDF 365 KB)
Datasheet: BroadLeaf Networking Software (PDF 274 KB)
Datasheet: SILVX Intelligent Network Management (PDF 348 KB)
Datasheet: Universal Service Card (PDF 950 KB)
Datasheet: Multirate Ethernet Card for the SN 9000 Multiservice Switch (PDF 555 KB)
Case Study: Empowering Next-Generation Digital Media Distribution (PDF 320 KB)
Case Study: Intelligent Optical Switching at the DISA Network Core (PDF 340 KB)
Application Note: Control Plane Intelligence for Multiservice Networks (PDF 327 KB)
Application Note: Core Transport Optimization for Mobile Networks (PDF 358 KB)
Application Note: Efficient MSO Inter-Regional Core Networks (PDF 309 KB)
Application Note: Field-Proven Intelligent Optical Control Plane Solutions (PDF 297 KB)
Application Note: Integrated ADM/MSPP/DCS for Regional/Core Applications (PDF 469 KB)
Application Note: Intelligent Ethernet Transport for Multiservice Networks – Service Provider (PDF 334 KB)
Application Note: Intelligent Ethernet Transport for Multiservice Networks – Government (PDF 524 KB)
Application Note: International SONET/SDH Gateway Services (PDF 258 KB)
Application Note: Practical Ethernet Solutions for Mobile Core Networks (PDF 300 KB)
White Paper: Proven Operational Benefits and Business Value of Optically Switched Networks (PDF 987 KB)
Byline: EtherOptics Optimizes Intelligent IP/Ethernet Transport – Lightwave (PDF 397 KB)
Byline: Intelligent Optical Layer Improves Broadband Disaster Recovery – Lightwave (PDF 1.0 MB)
Access Gateway and Digital Cross-Connect Products
Product Brief: DNX Cross-Connect Platform (PDF 1.1 MB)
Datasheet: S-DNX Cross-Connect (PDF 747 KB)
Datasheet: DNX Module Sets (PDF 604 KB)
Datasheet: PSX-5300 Protection Switch (PDF 504 KB)
Datasheet: DNX-1u Access Gateway (PDF 420 KB)
Datasheet: IAB-3000 Integrated Access Bank (PDF 832 KB)
Datasheet: SPS-1000 Signal Processing System (PDF 433 KB)
Datasheet: ENvision Plus Network Management (PDF 513 KB)
Datasheet: Circuit/Packet eXchange (CPX) Module Set (PDF 491 KB)
Datasheet: Low Speed Optical Modules for Utility Communications (PDF 390 KB)
Application Note: Efficient Consolidation for Teleport Networks (PDF 379 KB)
Application Note: Migrating SS7 Signaling Networks to Sigtran (PDF 271 KB)
Application Note: Mobile Backhaul Optimization (PDF 347 KB)
Application Note: Optimizing VoIP Platforms for MSO/Cable Operators (PDF 337 KB)
Application Note: Telemetry Networks: Monitor and Control Remote Sites (PDF 282 KB)
Application Note: Utility Network Optimization (PDF 387 KB)
Case Study: Mobile RAN Telemetry: Three Solutions Scenarios (PDF 615 KB)
White Paper: Secure and Reliable Utility Telecom Networks (PDF 493 KB)
Services & Support
Brochure: Services and Support (PDF 339 KB)
Datasheet: Disaster Recovery (PDF 159 KB)
Datasheet: Engineering, Furnishing, Installation & Test (EFI&T) (PDF 161 KB)
Datasheet: Network Audit (PDF 163 KB)
Datasheet: Software Upgrades (PDF 159 KB)